Why Does Information Security Concern My Company?

Evaluate the following statements for your own situation to determine if your company information is safe.

1. My company is confident that our web server is located in a safe place and managed by well-trained people.
   
2. My company has a clear policy on who is allowed to access to what kinds of information.
   
3. My company has designated personnel for information security, upgrades, backups and maintenance.
   
4. My company uses security tools such as firewalls and encryption.
   
5. My company has plans for emergency response and disaster recovery, and these plans are regularly reviewed.

If you answered "no" to any of the these questions, then information security in your company may have a number of security 'holes' that may be vulnerable to threats.

 

Examples of Threats and Related Security Concerns

	Security Concern Affected
	Confidentiality	Integrity	Availability
Denial of Service Attack			*
Power Supply Failure			*
Malicious Code Infection	*	*	*
Theft and Fraud	*		*
Website Intrusion	*	*	*
Unauthorised Data Access	*	*

Addressing and taking care of security holes is not necessarily a complicated and costly process. First you need to set the scope of security management required in your company. Look at the risk acceptance level of your company as you determine the scale of security management that meets your business needs.

Refer to the Information Security Management section for more details on the concept and process of security management in corporate environments.